-
Notifications
You must be signed in to change notification settings - Fork 111
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial version of a spec providing ILP payments for HTTP calls #149
Conversation
Oh and I skipped RFC number 13 to avoid bad luck. Bad enough that most of this spec was written on Friday 13th (1/13/2017), no need to pile it on. |
Unfortunately, Github doesn't seem to link it correctly otherwise.
f61c466
to
049d8fe
Compare
@justmoon can I merge? |
Would like to update this for the latest PSK/etc. changes before we merge. Stand by! |
|
||
The `fulfillment` is generated as: | ||
|
||
* Fulfillment: `HMAC(SHA256, condition_seed, destination_account || destination_amount)` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would destination_account || destination_amount
not always be equal to just destination_account
? Are there situations where destination_account
is undefined?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and I assume that here, in this example, condition_seed
is
Buffer.from('SkTcFTZCBKgP6A6QOUVcwWCCgYIP4rJPHlIzreavHdU', 'base64')
and not
Buffer.from('SkTcFTZCBKgP6A6QOUVcwWCCgYIP4rJPHlIzreavHdU', 'utf8')
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also, I would put a counter in the destination address, so that you get a different condition each time you pay to the same receiving party
|
||
### 2.2. Server rejects request, because token is new and unfunded | ||
|
||
The server returns an HTTP error of `402 Payment Required` and includes response headers showing the amount (how much the request would have cost), an ILP address and a condition seed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
-> a base64-encoded condition seed. otherwise people will try to use that string directly for the HMAC operation below
I used the The rest is a bit different though; it sends the X-Pay header first, without sending a body yet, and then streams the letters as you pay for them one-by-one. |
``` http | ||
POST /upload HTTP/1.1 | ||
Host: myservice.example | ||
X-Pay-Token: 7y0SfeN7lCuq0GFF5UsMYZofIjJ7LrvPvsePVWSv450 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't it just be Pay-Token
? See RFC 6648 on deprecating the X prefix
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, current unhash implementation uses Pay
and Pay-Token
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh, good to know :) I'll update that in my tutorial as well, then.
I created an updated version of this PR in #306 |
* docs: http-ilp rough draft * docs(0014): convert sequence diagram to png Unfortunately, Github doesn't seem to link it correctly otherwise. * fix: correct filename 0004 -> 0014 * chore: add doc version header * fix: remove X- prefix from header names * update * chore: apply review comments
merged in #306 |
This spec was motivated by me needing a payment solution for Unhash, which is an HTTP-based protocol. I already started the work to add webhooks as per this spec to ilp-kit.
This is based on @emschwartz's previous (unpublished) spec, which in turn is based on work we've done together with the rest of the Codius team.
I'm posting this here for reference, not to start a discussion about what this standard should eventually look like. I liked the approach we took with the Five Bells Ledger API - build some initial thing first, then when it's up and running and we've learned a ton, let's have a more informed conversation about standardizing it and cleaning it up (Common Ledger API). So this is just the initial thing to get us up and running.